For the implementation, we use the standard tools that SAP has delivered since Java stack release 6.40. Kerberos authentication is performed with the Simple and Protected GSS-API Negotiation Mechanism (SPNego), which is integrated in the JAAS login module SPNegoLoginModule.
On the first call to an application in the Java stack, the web browser receives response code 401 (Unauthorized) together with the header "WWW-Authenticate: Negotiate". The browser then obtains a SPNego token from the Key Distribution Centre (KDC). The SPNego login module decrypts the token and checks the validity and availability of a corresponding SAP user. After successful validation, the application can be accessed without entering a password.
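When troubleshooting this handshake, it helps to confirm what the browser actually returned in its `Authorization: Negotiate` header, because a browser can answer the challenge with an NTLM message, which is not a Kerberos ticket. The following added example (not SAP code) recognises the 401 challenge and classifies the returned token; the function names and sample headers are assumptions constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs that open a GSS-API initial token
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"

def is_negotiate_challenge(status, headers):
    """True for the 401 + 'WWW-Authenticate: Negotiate' response."""
    return status == 401 and any(
        k.lower() == "www-authenticate" and v.strip().lower().startswith("negotiate")
        for k, v in headers)

def _der_content(buf):
    """Return the content of the outer DER element, checking its length."""
    if len(buf) < 2:
        raise ValueError("truncated")
    length, pos = buf[1], 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or len(buf) < 2 + n:
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if len(buf) < pos + length:
        raise ValueError("truncated")
    return buf[pos:pos + length]

def classify_token(authorization):
    """Classify the value of the client's Authorization header."""
    scheme, _, b64 = authorization.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
        if raw.startswith(NTLM_SIG):
            return "ntlm-fallback"
        # 0x60 is the [APPLICATION 0] tag of a GSS-API initial token
        body = _der_content(raw) if raw[:1] == b"\x60" else b""
    except ValueError:
        return "malformed"
    if body.startswith(SPNEGO_OID):
        return "spnego"
    return "raw-kerberos" if body.startswith(KRB5_OID) else "unknown"

# Constructed sample headers (stub payloads, not real tickets)
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(
    b"\x60\x0c" + SPNEGO_OID + b"\xa0\x02\x30\x00").decode()
SAMPLE_NTLM = "Negotiate " + base64.b64encode(NTLM_SIG + b"\x01\x00\x00\x00").decode()
```

A result of `ntlm-fallback` in a captured request points to the client side (for example, no Kerberos ticket could be obtained for the host), not to the login module.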